Main Vulnerability Database SB2022012607

SB2022012607 - Red Hat Enterprise Linux 8.1 update for polkit

Published: January 26, 2022 Updated: April 27, 2023

Security Bulletin ID SB2022012607

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2021-4034)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2022:0268